<?php

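/**
 * Authenticate the posted staff credentials and populate the session.
 *
 * Reads $_POST['user_id'] and $_POST['login_password'] and looks for exactly
 * one enabled row in staffmaster. On a match it stores the staff profile, the
 * language file name and the openperiod parameters in $_SESSION. Otherwise it
 * prints a link back to login.php and ends the request.
 *
 * Security notes:
 *  - Every value concatenated into SQL is passed through
 *    mysql_real_escape_string(); the original concatenated raw POST data,
 *    which allowed SQL injection in the login query.
 *  - The session id is regenerated after a successful login so that an id
 *    known before authentication does not carry the logged-in state.
 *  - NOTE(review): the password check still relies on MySQL's PASSWORD()
 *    function because the stored values depend on it. That function is not
 *    meant for application passwords; migrating needs a schema/data change
 *    that is outside this function.
 */
function user_logon() {
        global $langloginerror;

        // Treat missing or non-string (e.g. array) fields as empty so they can never match.
        $user_id = (isset($_POST['user_id']) && is_string($_POST['user_id'])) ? $_POST['user_id'] : '';
        $login_password = (isset($_POST['login_password']) && is_string($_POST['login_password'])) ? $_POST['login_password'] : '';

        $sql = "SELECT * FROM staffmaster WHERE ";
        $sql .= "StaffID = '" . mysql_real_escape_string($user_id) . "' AND ";
        $sql .= "Enable = 1 AND ";
        $sql .= "LoginPassword = password('" . mysql_real_escape_string($login_password) . "')";

        $sql_result = sql_execute($sql);

        // Anything other than exactly one matching row is a failed login.
        if (mysql_num_rows($sql_result) != 1) {
                html_header();
                echo "<a href='login.php'>$langloginerror</a>";
                html_footer();
                exit;
        }

        $staff = mysql_fetch_array($sql_result);

        session_start();
        // Issue a fresh session id at the privilege change (login) to counter session fixation.
        session_regenerate_id();

        session_register('UserID', 'UserName', 'DateStyle', 'AccessLevel');
        $_SESSION['UserID'] = $staff['StaffID'];
        $_SESSION['UserName'] = $staff['StaffName'];
        $_SESSION['DateStyle'] = $staff['DateStyle'];
        $_SESSION['AccessLevel'] = $staff['AccessLevel'];
        $_SESSION['RecordPerPage'] = 20;

        // Get the language file name. LanguageID comes from the database, but it is
        // still escaped: stored data must not be able to change the query either.
        session_register('UserLanguage');
        $language_sql = "SELECT * FROM languagemaster WHERE LanguageID = '" . mysql_real_escape_string($staff['LanguageID']) . "'";
        $language_row = mysql_fetch_array(sql_execute($language_sql));
        $_SESSION['UserLanguage'] = $language_row['LanguageFile'];

        // Load system parameters.
        $period = mysql_fetch_array(sql_execute("SELECT * FROM openperiod"));
        session_register('FromDate', 'ToDate', 'FromHour', 'ToHour', 'FromMinute', 'ToMinute', 'TimeSlice');
        $_SESSION['FromDate'] = $period['FromDate'];
        $_SESSION['ToDate'] = $period['ToDate'];
        $_SESSION['FromHour'] = $period['FromHour'];
        $_SESSION['ToHour'] = $period['ToHour'];
        // The original copied ToMinute into FromMinute; read the matching column
        // instead (column name assumed from the From*/To* pattern -- confirm against the schema).
        $_SESSION['FromMinute'] = $period['FromMinute'];
        $_SESSION['ToMinute'] = $period['ToMinute'];
        $_SESSION['TimeSlice'] = $period['TimeSlice'];
}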

/**
 * Access check hook: currently performs no check at all.
 *
 * NOTE(review): the only logic here -- stop the request when
 * $_SESSION["UserID"] is empty -- is commented out, so calling
 * validate_user() does not reject an unauthenticated request. Any page that
 * relies on this call for access control is effectively unprotected.
 * Re-enabling the check presumably requires the session to be started before
 * the call; confirm against the callers before restoring it.
 */
function validate_user() {
        global $langloginerror;

        // Disabled check: show the login-error link and stop when no user is logged in.
//         if (! $_SESSION["UserID"]) {
//                 echo "<a href='index.php'>$langloginerror</a>";
//                 exit;
//         }
}

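/**
 * Run a query on the default MySQL connection.
 *
 * Returns the value of mysql_query() when it is truthy. On failure the error
 * number and text are written to the server error log, a generic message is
 * shown through message_box(), and the request ends.
 *
 * The original sent the full SQL statement and the database error text to the
 * browser. That output reveals table and column names and the shape of the
 * query, which is exactly what someone probing for injection needs, so the
 * detail now stays on the server.
 */
function sql_execute($sql) {
        $result = mysql_query($sql);
        if ($result) {
                return $result;
        }

        // The statement text is deliberately not logged: the login query embeds
        // the submitted password, which must not end up in log files.
        error_log("sql_execute: query failed: [" . mysql_errno() . "] " . mysql_error());

        message_box("A database error occurred. Please contact the administrator.");
        exit;
}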


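/**
 * Emit a script block that opens message.php in a pop-up window, passing
 * $message in the "message" query parameter.
 *
 * The message is percent-encoded with rawurlencode() before it is written
 * into the page. The encoded form contains only letters, digits, "-", "_",
 * "." , "~" and %XX sequences, so it cannot close the JavaScript string, end
 * the script element, or break the URL. The original wrote the raw text,
 * which let quotes or markup in the message alter the generated script.
 *
 * The output is produced with echo rather than short open tags, so it does
 * not depend on the short_open_tag setting.
 *
 * NOTE(review): message.php receives the decoded text; it presumably prints
 * it and must escape it for HTML there -- confirm in that file.
 */
function message_box($message) {
        $encoded_message = rawurlencode((string) $message);

        echo "        <script>\n";
        echo "                window.open(\"message.php?message=" . $encoded_message . "\", \"\" , \"scrollbars=1, width=400, height=200\");\n";
        echo "        </script>\n";
}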
?>
